Add mysql-proxy to enable read-only access to a db
This commit adds a mysql_proxy module which will setup a read-only proxy to a mysql db. This also configures a proxy to the subunit2sql db to run on logstash.o.o to provide read only access to the data in the database. Change-Id: I478baca354354347fe50074a8e3b9f66ca890d55
This commit is contained in:
parent
5941f835ac
commit
364e5ca681
@ -327,6 +327,7 @@ node 'logstash.openstack.org' {
|
||||
],
|
||||
subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
|
||||
subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
|
||||
mysql_proxy_admin_pass => hiera('subunit2sql_proxy_pass', ''),
|
||||
}
|
||||
}
|
||||
|
||||
|
2
modules/mysql_proxy/files/mysql-proxy
Normal file
2
modules/mysql_proxy/files/mysql-proxy
Normal file
@ -0,0 +1,2 @@
|
||||
ENABLED="true"
|
||||
OPTIONS="--defaults-file /etc/mysql-proxy/mysql-proxy.conf"
|
40
modules/mysql_proxy/manifests/init.pp
Normal file
40
modules/mysql_proxy/manifests/init.pp
Normal file
@ -0,0 +1,40 @@
|
||||
# Copyright 2014 Hewlett-Packard Development Company, L.P.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# == Class: mysql_proxy
|
||||
#
|
||||
class mysql_proxy {
|
||||
|
||||
package { 'mysql-proxy':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
file { '/etc/mysql-proxy':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
require => Package['mysql-proxy'],
|
||||
|
||||
}
|
||||
|
||||
file { '/etc/default/mysql-proxy':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/mysql_proxy/mysql-proxy',
|
||||
require => Package['mysql-proxy'],
|
||||
}
|
||||
|
||||
}
|
41
modules/mysql_proxy/manifests/server.pp
Normal file
41
modules/mysql_proxy/manifests/server.pp
Normal file
@ -0,0 +1,41 @@
|
||||
# Copyright 2014 Hewlett-Packard Development Company, L.P.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# == Class: mysql_proxy::server
|
||||
#
|
||||
class mysql_proxy::server (
|
||||
$db_host,
|
||||
$db_port='3306',
|
||||
$lua_script = '/usr/share/mysql-proxy/rw-splitting.lua',
|
||||
$admin_username = 'admin',
|
||||
$admin_pass,
|
||||
) {
|
||||
|
||||
file { '/etc/mysql-proxy/mysql-proxy.conf':
|
||||
ensure => file,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0600',
|
||||
content => template("mysql_proxy/mysql-proxy.conf.erb"),
|
||||
require => File['/etc/mysql-proxy']
|
||||
}
|
||||
|
||||
service{ 'mysql-proxy':
|
||||
ensure => running,
|
||||
subscribe => [
|
||||
Package['mysql-proxy'],
|
||||
File['/etc/mysql-proxy/mysql-proxy.conf'],
|
||||
],
|
||||
}
|
||||
}
|
8
modules/mysql_proxy/templates/mysql-proxy.conf.erb
Normal file
8
modules/mysql_proxy/templates/mysql-proxy.conf.erb
Normal file
@ -0,0 +1,8 @@
|
||||
[mysql-proxy]
|
||||
log-file = /var/log/mysql-proxy.log
|
||||
log-level = message
|
||||
proxy-read-only-backend-addresses = <%= @db_host %>:<%= @db_port %>
|
||||
proxy-lua-script = <%= @lua_script %>
|
||||
admin-username = <%= @admin_username %>
|
||||
admin-password = <%= @admin_pass %>
|
||||
admin-lua-script = /usr/share/mysql-proxy/admin.lua
|
@ -22,12 +22,13 @@ class openstack_project::logstash (
|
||||
$sysadmins = [],
|
||||
$subunit2sql_db_host,
|
||||
$subunit2sql_db_pass,
|
||||
$mysql_proxy_admin_pass,
|
||||
) {
|
||||
$iptables_es_rule = regsubst ($elasticsearch_nodes, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT')
|
||||
$iptables_gm_rule = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
|
||||
$iptables_rule = flatten([$iptables_es_rule, $iptables_gm_rule])
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80],
|
||||
iptables_public_tcp_ports => [22, 80, 4040],
|
||||
iptables_rules6 => $iptables_rule,
|
||||
iptables_rules4 => $iptables_rule,
|
||||
sysadmins => $sysadmins,
|
||||
@ -52,4 +53,12 @@ class openstack_project::logstash (
|
||||
db_host => $subunit2sql_db_host,
|
||||
db_pass => $subunit2sql_db_pass,
|
||||
}
|
||||
|
||||
include 'mysql_proxy'
|
||||
|
||||
class { 'mysql_proxy::server':
|
||||
db_host => $subunit2sql_db_host,
|
||||
admin_username => 'admin',
|
||||
admin_pass => $mysql_proxy_admin_pass,
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user